Next-Gen Security (via Cloud): Part 1 – Identity Management

Security By Design

Enterprises rely on computing systems and automation more than ever to detect threats to intellectual property, reputation, and privacy.

The pace of globalization continues, and the “perimeter erosion” (de-perimeterisation) described by the Jericho Forum is becoming a reality. Traditional boundaries between organizations continue to disappear.

It becomes extremely difficult to take a holistic approach to security: one that supports a business-driven security blueprint and strategy, and acts as an effective shield for the entire organization.

That’s why organizations are in desperate need of next-generation services that are secure by design, meaning that security is easily made intrinsic to their business processes, their product development, and their daily operations.

A Security Framework

[Screenshot, 2011-04-14: the enterprise security framework described below]

The above enterprise security framework can be used to describe the elements of security for even the largest of enterprises:

  • People and Identity – how to ensure that the correct people have access to the correct assets at the correct time.
  • Data and Information – how to protect critical data in transit or at rest across the organization.
  • Application and Process – how to ensure application and business services security.
  • Network, Server and Endpoint (IT infrastructure) – how to stay ahead of emerging threats across IT system components.
  • Physical Infrastructure – how to leverage the capability for digital controls to secure events—on people or things—in the physical space.

Cloud Security

When someone talks about “Cloud Security” there are typically two perspectives:

  1. How to secure your own use of private, virtual private, and public cloud services, or
  2. How to use the cloud to deliver a more holistic suite of security services

I believe innovation is beginning to occur from both of these perspectives with an emerging suite of Security-as-a-Service offerings, which will disrupt across the entire enterprise security framework. Let's start by looking at “People and Identity Management” and how cloud has been leveraged.

People and Identity Management

Directory services may be old news, but they still represent an important part of the IT infrastructure. The question for many organizations is how to take an existing directory that grew up around locally served applications and services such as file and print, and use it with cloud-based services such as Google and Salesforce.com.

Too often, the answer is to avoid integration between local identities and the cloud. That choice, convenient as it may be in the short run, is likely to blow up in one’s face someday. As cloud-based services proliferate, the potential for trouble only increases, whether through a compromised user identity or a dropped ball on the part of an administrator provisioning services for users.

[Screenshot, 2011-04-14]

Enter Symplified and its SinglePoint cloud-based single sign-on service. Symplified’s approach to SSO makes heavy use of open standards such as SAML (Security Assertion Markup Language), which carries the authentication assertions, and XACML (eXtensible Access Control Markup Language), which expresses the access-control policy, and is delivered as a SaaS and PaaS offering.
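XACML separates the access decision from its enforcement: a policy enforcement point (PEP) sends an attribute-based request (subject, resource, action, environment) to a policy decision point (PDP), which evaluates policies made of a scoping Target, Rules with an Effect, and a combining algorithm, and answers Permit, Deny or NotApplicable. The following is an added example (not Symplified's or SinglePoint's code) of that evaluation model written in plain Python rather than XACML's XML syntax, so the logic is visible; the policy, the attribute names and values, and the clock are constructed sample data, and a deny-overrides combiner plus a deny-biased PEP are chosen so that a user is only let in on an explicit Permit.

```python
"""A minimal XACML-style policy decision point (PDP).

Added example, not Symplified's code.  XACML writes policies in XML; this keeps
its evaluation model (a Target that scopes a policy, Rules with an Effect,
combining algorithms, Permit/Deny/NotApplicable outcomes and a deny-biased PEP)
in plain Python.  The policy, the attributes and the clock are constructed data.
"""
from datetime import datetime, timezone

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Attribute matchers used in targets and rule conditions.  A request is a dict
# of attribute categories, as in XACML: subject, resource, action, environment.
def attr_in(category, name, allowed):
    """True when request[category][name] is one of the allowed values."""
    return lambda req: req.get(category, {}).get(name) in allowed

def hours(start, end):
    """True when the environment clock's hour lies in [start, end)."""
    return lambda req: start <= req["environment"]["time"].hour < end

def negate(cond):
    return lambda req: not cond(req)

class Rule:
    def __init__(self, rule_id, effect, *conditions):
        self.rule_id, self.effect, self.conditions = rule_id, effect, conditions

    def evaluate(self, req):
        return self.effect if all(c(req) for c in self.conditions) else NOT_APPLICABLE

def deny_overrides(results):
    """XACML deny-overrides: any Deny wins, else any Permit, else NotApplicable."""
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NOT_APPLICABLE

class Policy:
    def __init__(self, policy_id, target, rules, combine=deny_overrides):
        self.policy_id, self.target, self.rules, self.combine = policy_id, target, rules, combine

    def evaluate(self, req):
        if not all(t(req) for t in self.target):   # out of scope: say nothing
            return NOT_APPLICABLE
        return self.combine([r.evaluate(req) for r in self.rules])

class PDP:
    def __init__(self, policies, combine=deny_overrides):
        self.policies, self.combine = policies, combine

    def decide(self, req):
        return self.combine([p.evaluate(req) for p in self.policies])

def pep_allows(decision):
    """Deny-biased enforcement: only an explicit Permit opens the door."""
    return decision == PERMIT

# Constructed policy: who may touch CRM opportunity records, how, and when.
CRM = Policy("crm-opportunities",
    target=[attr_in("resource", "type", {"crm:opportunity"})],
    rules=[
        Rule("sales-read", PERMIT, attr_in("subject", "role", {"sales", "sales-manager"}),
             attr_in("action", "id", {"read"})),
        Rule("manager-write", PERMIT, attr_in("subject", "role", {"sales-manager"}),
             attr_in("action", "id", {"read", "write", "export"})),
        Rule("contractor-off-hours", DENY, attr_in("subject", "employment", {"contractor"}),
             negate(hours(7, 19))),
        Rule("no-export-unmanaged", DENY, attr_in("action", "id", {"export"}),
             negate(attr_in("subject", "device", {"managed"}))),
    ])
pdp = PDP([CRM])

def request(role, action, employment="employee", device="managed", hour=10, resource="crm:opportunity"):
    """Constructed access request in XACML's four attribute categories."""
    return {"subject": {"role": role, "employment": employment, "device": device},
            "resource": {"type": resource},
            "action": {"id": action},
            "environment": {"time": datetime(2011, 4, 14, hour, 0, tzinfo=timezone.utc)}}

def run_demo():
    """Decisions for a handful of requests against the constructed policy."""
    return {
        "sales_read": pdp.decide(request("sales", "read")),
        "sales_write": pdp.decide(request("sales", "write")),
        "manager_export": pdp.decide(request("sales-manager", "export")),
        "manager_export_byod": pdp.decide(request("sales-manager", "export", device="personal")),
        "contractor_night": pdp.decide(request("sales", "read", employment="contractor", hour=23)),
        "other_resource": pdp.decide(request("sales", "read", resource="hr:payroll")),
    }
```

Two points carry over directly to a real XACML deployment: a NotApplicable answer (no policy spoke, as for the `sales_write` and `other_resource` requests) must be enforced as a denial by the PEP, never as "no objection", and the combining algorithm decides who wins when a Permit and a Deny both fire, so deny-overrides is the safe default when policies from several owners are stacked.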

Although the nature of cloud-based services makes it possible to slipstream new features into the mix, Symplified chose instead to implement an entirely new provisioning fabric for SinglePoint in July, implementing augmented synchronization and directory capabilities, and a service that allows companies to use Google and Salesforce.com as cloud-based directory services that can authenticate users in other applications.

The new Symplified Identity Vault can substitute for an on-premises directory service, and manage user identities as a cloud-based function, independent of any local infrastructure. For example, in a traditional portal environment, the IT group would maintain users within an LDAP directory; when the Identity Vault is implemented, the portal instead turns to Google or Salesforce.com for authentication, and uses the information supplied by the chosen service to deny or grant access. In that arrangement the portal is a relying party, and the security of the whole scheme rests on the portal verifying each assertion it receives before acting on it: that it was signed by the chosen service, that it is addressed to this portal and not to some other application, and that it is still within its validity window.
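The arrangement just described, a portal that turns to a cloud service for authentication, and the SAML-based SSO mentioned earlier both hinge on what the relying party does with the assertion it receives. The following is an added example (not Symplified's or SinglePoint's code) of the checks a SAML 2.0 service provider applies before honouring a Response: signature first, then exactly one Assertion, a trusted Issuer, the Conditions validity window with a little clock skew, the AudienceRestriction, the SubjectConfirmationData Recipient and InResponseTo (matched against the SP's own outstanding AuthnRequests), and a replay cache keyed on the assertion ID. Entity IDs, the ACS URL and request IDs are assumed values; the Response is a constructed sample; and, to stay standard-library only, an HMAC under a shared key stands in for XML-Signature verification, which a production SP performs against the IdP's certificate with a library such as python3-saml.

```python
"""Service-provider (SP) side checks on a SAML 2.0 Response.

Added example, not Symplified's or SinglePoint's code.  Entity IDs, the ACS URL
and request IDs are assumed; the Response is a constructed sample.  To stay
standard-library only, an HMAC over the raw Response bytes under a key shared
with the IdP stands in for XML-Signature verification (production SPs verify
the IdP's XML-DSig, e.g. with python3-saml); every other check is the real one.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML, SAMLP = "urn:oasis:names:tc:SAML:2.0:assertion", "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"saml": SAML, "samlp": SAMLP}
SP_ENTITY_ID, ACS_URL = "https://portal.example.com/saml/metadata", "https://portal.example.com/saml/acs"  # assumed
TRUSTED_ISSUERS = {"https://idp.example.net/saml"}  # assumed IdP entity ID
CLOCK_SKEW, IDP_SHARED_KEY = timedelta(seconds=120), b"demo-shared-key"  # key stands in for the IdP cert
NOW = datetime(2011, 4, 14, 17, 30, tzinfo=timezone.utc)  # fixed clock for the demo

def _iso(ts): return ts.strftime("%Y-%m-%dT%H:%M:%SZ")
def _parse(s): return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def sign(response_xml):
    """IdP side of the HMAC stand-in for XML-DSig (see module docstring)."""
    return hmac.new(IDP_SHARED_KEY, response_xml, hashlib.sha256).hexdigest()

def build_response(issuer, audience, request_id, not_before, not_on_or_after,
                   assertion_id="_a1", recipient=ACS_URL):
    """Constructed sample Response, as an IdP would post it to the SP's ACS."""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0">'
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        f'<saml:Assertion ID="{assertion_id}" Version="2.0"><saml:Issuer>{issuer}</saml:Issuer>'
        '<saml:Subject><saml:NameID>alice@example.com</saml:NameID>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData InResponseTo="{request_id}" Recipient="{recipient}" '
        f'NotOnOrAfter="{_iso(not_on_or_after)}"/></saml:SubjectConfirmation></saml:Subject>'
        f'<saml:Conditions NotBefore="{_iso(not_before)}" NotOnOrAfter="{_iso(not_on_or_after)}">'
        f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions><saml:AttributeStatement><saml:Attribute Name="role">'
        '<saml:AttributeValue>employee</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
    ).encode()

class SamlError(Exception): pass
def _require(cond, msg):
    if not cond: raise SamlError(msg)

class SamlValidator:
    def __init__(self, now):
        # pending: AuthnRequest IDs this SP issued and still awaits; seen: replay cache of assertion IDs
        self.now, self.pending, self.seen = now, set(), set()

    def _window(self, not_before, not_on_or_after):
        _require(not not_before or _parse(not_before) - CLOCK_SKEW <= self.now, "assertion not yet valid")
        _require(not not_on_or_after or self.now < _parse(not_on_or_after) + CLOCK_SKEW, "assertion expired")

    def validate(self, response_xml, mac):
        """Return (NameID, attributes) or raise SamlError; nothing is trusted before the signature."""
        _require(hmac.compare_digest(sign(response_xml), mac), "bad signature")
        root = ET.fromstring(response_xml)
        assertions = root.findall("saml:Assertion", NS)
        _require(len(assertions) == 1, "expected exactly one Assertion")  # no ambiguity to exploit
        a = assertions[0]
        _require(a.findtext("saml:Issuer", namespaces=NS) in TRUSTED_ISSUERS, "untrusted issuer")
        cond = a.find("saml:Conditions", NS)
        _require(cond is not None, "missing Conditions")
        self._window(cond.get("NotBefore"), cond.get("NotOnOrAfter"))
        audiences = {e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
        _require(SP_ENTITY_ID in audiences, "assertion not addressed to this SP")
        scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        _require(scd is not None and scd.get("Recipient") == ACS_URL, "wrong Recipient")
        self._window(None, scd.get("NotOnOrAfter"))
        _require(scd.get("InResponseTo") in self.pending, "InResponseTo matches no pending request")
        self.pending.discard(scd.get("InResponseTo"))
        _require(a.get("ID") not in self.seen, "assertion replayed")
        self.seen.add(a.get("ID"))
        attrs = {x.get("Name"): x.findtext("saml:AttributeValue", namespaces=NS)
                 for x in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
        return a.findtext("saml:Subject/saml:NameID", namespaces=NS), attrs

def _outcome(v, xml, mac):
    try: return v.validate(xml, mac)
    except SamlError as e: return str(e)

def run_demo():
    """One good Response, then four that a careless SP would wave through."""
    idp, t0, t1 = "https://idp.example.net/saml", NOW - timedelta(minutes=1), NOW + timedelta(minutes=5)
    v, out = SamlValidator(NOW), {}
    good = build_response(idp, SP_ENTITY_ID, "_req1", t0, t1)
    v.pending.add("_req1")
    out["valid"] = _outcome(v, good, sign(good))
    v.pending.add("_req1")  # fresh request ID, same assertion: still refused
    out["replay"] = _outcome(v, good, sign(good))
    out["tampered"] = _outcome(v, good.replace(b"employee", b"admin"), sign(good))
    v.pending.add("_req2")
    other = build_response(idp, "https://other.example.org", "_req2", t0, t1, assertion_id="_a2")
    out["wrong_audience"] = _outcome(v, other, sign(other))
    v.pending.add("_req3")
    stale = build_response(idp, SP_ENTITY_ID, "_req3", NOW - timedelta(minutes=30), NOW - timedelta(minutes=10), assertion_id="_a3")
    out["expired"] = _outcome(v, stale, sign(stale))
    return out
```

The ordering matters: the integrity check runs before any element of the document is read, the single-Assertion rule refuses documents where a signed and an unsigned assertion could be confused, and the audience check is what stops an assertion minted for Salesforce.com from logging someone into the portal. `run_demo()` exercises a valid Response and then a replay, a tampered attribute, a wrong audience and an expired window, returning the validator's verdict for each.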

More on the use of Cloud for securing your data and information; applications and processes; networks, servers and endpoints; and physical infrastructure to come….

Related Articles:

Next-Gen Security (via Cloud): Part 2 – Data and Information

Next-Gen Security (via Cloud): Part 3 – Application and Process

Next-Gen Security (via Cloud): Part 4 – Networks, Servers and Endpoints

Next-Gen Security (via Cloud): Part 5 – Physical Infrastructure

Jim Kaskade

Jim Kaskade is a serial entrepreneur & enterprise software executive of over 36 years. He is the CEO of Conversica, a leader in Augmented Workforce solutions that help clients attract, acquire, and grow end-customers. He most recently successfully exited a PE-backed SaaS company, Janrain, in the digital identity security space. Prior to identity, he led a digital application business of over 7,000 people ($1B). Prior to that he led a big data & analytics business of over 1,000 people ($250M). He was the CEO of a Big Data Cloud company ($50M); was an EIR at PARC (the Bell Labs of Silicon Valley) which resulted in a spinout of an AML AI company; led two separate private cloud software startups; founded one of the most advanced digital video SaaS companies delivering online and wireless solutions to over 10,000 enterprises; and was involved with three semiconductor startups (two of which he founded, one of which he sold). He started his career engineering massively parallel processing datacenter applications. Jim has an Electrical and Computer Science Engineering degree from University of California, Santa Barbara, with an emphasis in semiconductor design and computer science; and an MBA from the University of San Diego with an emphasis in entrepreneurship and finance.